|
Donations |
|
 |
|
|
|
If you found this site helpful, please donate to help keep it online.
|
|
|
Survey |
|
|
|
|
|
|
|
|
Translate |
|
|
|
|
|
|
|
|
|
|
| View previous topic :: View next topic |
| Author |
Message |
ArubaRed
Trooper
Joined: Jan 25, 2004
Posts: 25
Location: UK
|
 Posted: Sun Mar 28, 2004 8:34 am Post subject: Norton Visual Tracking? |
|
|
What does this mean.....when I check my ACTIVIY LOG  on my Norton Antivirus.
in INTERNET SECURITY
VISUAL TRACKING
NETWORK INFO...unused port blocking has blocked communications
Inbound TCP connection
Remote address, local service....then it shows someones IP to
Click on the address to trace the attacker.
A world map shows... and I have had Japan, London, India, as LOCATIONS of these so called attackers. I am a little puzzled, can someone please enlighten me..... |
|
| Back to top |
|
 |
conrad
Corporal
Joined: Dec 07, 2003
Posts: 66
Location: Thailand
|
| Posted: Sun Mar 28, 2004 9:47 am Post subject: |
|
|
Hi ArubaRed. Visual Tracking is the tool in Norton Internet Security that tries to trace the source of an intrusion on your PC (from your post, I assume you are running NIS?)
In the instance you describe in your post, someone has tried to connect to your computer using a port that NIS is monitoring, and it has determined this connection attempt to be hostile (based on the typical actions and ports that hackers often use).
This creates a Security Alert - you will be able to see this alert at the time it happens if you have selected the options to display the Alert Tracker, or to display NIS in the system tray.
From here you can request more information about the alert, and this is the point that Visual Tracking kicks in. Based on the information NIS gathers about the hacker at the time of the attack (IP address), it then tracks down where in the world the attack came from, and provides some info on who the IP address is supposedly registered to. You can then use this info to report the attack to the network administrator of the company/entity/network the IP address belongs to.
That's the theory, anyway. I haven't gone as far as reporting attacks yet, so I do not know if it is effective.
I hope this answers your question - it seems you are looking at log entries of this kind of activity. Submit a post if you want some pointers on how to configure NIS so that you can see these alerts as they happen.
conrad. |
|
| Back to top |
|
|
BillC
1st Responder
Premium Member
Joined: Jun 25, 2003
Posts: 429
Location: Atlanta, Ga.
|
| Posted: Sun Mar 28, 2004 9:54 am Post subject: |
|
|
I believe what you are seeing is nothing more than general internet background 'noise' that is most common. These port scans can come from anywhere and because they are not sure where they are going they hit a lot of computers.
So what do I mean by not knowing where they are going you ask. Well, if you are a hacker or simply a mischievous techie wanted to see what you can do, you might send out a trojan or virus and try to spread it the most common way...via e-mail. But, you will not know how successful you are until you send out scans looking for computers you've be able to infect. Seeking a connection and confirmation or worse, some control. Make sense?
There is a lot of traffic on the internet and clearly not all bad. Just know your firewall is doing it's job.  |
|
| Back to top |
|
|
ArubaRed
Trooper
Joined: Jan 25, 2004
Posts: 25
Location: UK
|
| Posted: Sun Mar 28, 2004 10:11 am Post subject: |
|
|
Hi BillC and Conrad...phew..thanks for that!
I only happened to see it last night because I had had 3 Norton alerts...re hackers pop up on my screen. I found the list while conducting yet another scan....there were quite a few *trying to invade*..I was a little shocked.
Montevideo is my latest??? ...READING AS FOLLOWS
Orig name Latin American and Carribean IP address regional registry
Orig ID LACNIC
Address Potosi
City Montevideo
Postal Code 11500
Does this mean anything to anyone....WHO ARE THESE PEOPLE?
BTW...yes I am using the NIS |
|
| Back to top |
|
|
BillC
1st Responder
Premium Member
Joined: Jun 25, 2003
Posts: 429
Location: Atlanta, Ga.
|
| Posted: Sun Mar 28, 2004 10:34 am Post subject: |
|
|
| Alas, I can not tell you who they are except to suggest they are probably not after you specificly but rather infected machines or ones that are vulnerable through a lack of security. With your NIS, I'd say you should be alright as long as you don't let a baddie in via email or file sharing. I would suggest that you apply any and all security patches to your OS if you have not already done so. |
|
| Back to top |
|
|
ArubaRed
Trooper
Joined: Jan 25, 2004
Posts: 25
Location: UK
|
| Posted: Sun Mar 28, 2004 11:39 am Post subject: |
|
|
Hi Bill,
I am ALWAYS updating though I have still been got....(so I have been told) would you mind looking at my post APPLICATION ERROR...maybe you can enlighten me on that as I really don't know where to begin.
Every time I exit outlook express I get the same box as written in my post! 
Can you help?...please |
|
| Back to top |
|
|
ArubaRed
Trooper
Joined: Jan 25, 2004
Posts: 25
Location: UK
|
| Posted: Sun Mar 28, 2004 12:52 pm Post subject: |
|
|
| conrad wrote: |
I hope this answers your question - it seems you are looking at log entries of this kind of activity. Submit a post if you want some pointers on how to configure NIS so that you can see these alerts as they happen.
conrad. |
I most certainly would like you to show me some pointers re the above, thankyou for the offer. 
|
|
| Back to top |
|
|
conrad
Corporal
Joined: Dec 07, 2003
Posts: 66
Location: Thailand
|
| Posted: Mon Mar 29, 2004 2:49 pm Post subject: |
|
|
Hi ArubaRed
NIS usually activates these features by default, but in case they are not running in your config:
To enable the NIS systray icon and Alert Tracker
1. Go to Start > Programs > Norton Internet Security and select the Norton Internet Security application item to launch the NIS console.
2. In the NIS console, click Options, and select Internet Security from the drop down menu.
3. On the General tab, check:
Show the Alert Tracker to, ahem, show the Alert Tracker.
This is a tab that appears at the side of your screen, which slides out to notify you of various events, such as intrusions (hacks) or program updates after running Live Update. You can double-click it to see the last alert, or drag it to move it to a different position.
Show NIS icon in the system tray to get quick access to NIS through the systray.
The systray icon allows notifies you of intrusions - it will flash a little exclamation mark to let you know an intrustion has been detected. You can then either launch Visual Tracking from the systray icon, or simply clear the alert to carry on working. The systray icon also indicates if NIS has been disabled, and give you quick access to the NIS console and Live Update, etc.
4. That's it.
Perhaps you have found these features already, but if not, I hope this helps. Have a look around these two features, they hold a few other shortcuts to the NIS suite I haven't mentioned. If you don't want to activate both, the systray icon is probably more useful.
conrad. |
|
| Back to top |
|
|
ArubaRed
Trooper
Joined: Jan 25, 2004
Posts: 25
Location: UK
|
| Posted: Mon Mar 29, 2004 5:19 pm Post subject: |
|
|
Hey Conrad,  Thanks for the guide.....brilliant! really appreciate all of your help.  |
|
| Back to top |
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum
|
Powered by phpBB 2.0.8a © 2001 phpBB Group
Version 2.0.6 of PHP-Nuke Port by Tom Nitzschner © 2002 www.toms-home.com
Version 2.2 by Paul Laudanski © 2003-2004 Computer Cops
|
You can syndicate our news using the file RSS 0.91, ultramode.txt, or RSS 1.0.
Forum FAQ
Search
Usergroups
Profile
Login to check your private messages
Login
